Trojan Horse Making Its Way Into Windows Systems

 
 
By Dennis Fisher  |  Posted 2003-11-25 Print this article Print
 
 
 
 
 
 
 

The new Sysbug Trojan, which is hidden in an e-mail claiming to be carrying pornographic pictures, provides its creator with a backdoor into infected systems running versions of Windows from 95 through XP.

A new Trojan horse hidden in an e-mail purported to be carrying pornographic pictures is beginning to make the rounds on the Internet. The Trojan is known as Sysbug and provides its creator with a backdoor into infected systems running versions of Windows from 95 through XP. It copies itself to the Windows installation folder and also adds a new registry entry that ensures the Trojan will run every time the PC starts up.
Once resident on a computer, Sysbug is capable of copying a variety of data about the machine and sending it back to its creator, according to Sophos Inc., an anti-virus company based in Lynnfield, Mass. The Trojan gathers data on e-mail accounts and remote access accounts, then opens TCP port 5555 and listens for commands from its author. The Trojan arrives in an e-mail with an attachment that is zipped and contains an executable. The e-mail begins: "Hello my dear Mary, I have been thinking about you all night. I would like to apologize for the other night when …" The message then goes into more explicit detail. The e-mail comes from james2003@hotmail.com and the subject line says "Re[2]: Mary." Discuss this in the eWEEK forum.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel